Ransomware as a Service (RaaS): A closer look at how RaaS work

• RaaS creators host their ransomware on the portal, where affiliates can purchase the ransomware at a subscription price.
• Once members use the ransomware to infect computers and get ransom payments from victims, the amount is shared with the service provider at an agreed proportion.

What is Ransomware-as-a-Service (RaaS)?

A Ransomware-as-a-Service allows cybercriminals and would-be hackers to gain access to ransomware and distribute the ransomware by signing up to the service where the service provider offers ransomware and a payment server.

The member will distribute the ransomware to infect victims and get ransom payments from them. The payment amount is then shared by the member and the service provider.

The first RaaS

Tox is the first RaaS which was spotted in 2015, following which several RaaS emerged including Encrypter, Cerber, Satan, Petya, Mischa, Ransom 32, Karman, Philadelphia, Cryptolocker Service, Ranion, Dot Ransomware, Fatboy, BlackRouter, Yatron, and Jokeroo.

How does it work?

• RaaS creators host their ransomware on the portal, where affiliates can purchase the ransomware at a subscription price.
• The price varies depending on the features offered. A free subscription is also available up to certain basic features.
• However, affiliates need to become a member of the RaaS by paying an initial deposit.
• Once members use the ransomware to infect computers and get ransom payments from victims, the amount is shared with the service provider at an agreed proportion.

Features offered

Depending on the membership packages chosen by the members, various features will be offered, which includes,

• The option to customize the ransomware as per requirements.
• Creating own ransom notes in regional languages.
• Ability to choose their own logo, icon, and extension.
• The option to infect an unlimited number of victims.
• Antivirus software undetectable protection and Salsa20 encryption.
• Different payment cryptocurrency options.
• Ability to encrypt all discs and files and delete shadow copy.

List of popular RaaS

• Satan RaaS - Satan Ransomware was first promoted via the Satan Ransomware-as-a-Service (RaaS) on January 19, 2017. This ransomware was offered for free, however, users have to register to the RaaS by paying an initial payment.
• Encryptor RaaS - In July 2015, the Encryptor RaaS was launched. Encryptor RaaS’s entire infrastructure was hidden within the Tor network, with affiliates need to contact the service provider only via the Tor network.
• Jokeroo RaaS - Jokeroo RaaS is being offered in multiple membership packages ranging from $90 to $300 and $600. In the basic package, a member earns 85% of the ransom payments. As members go up the package ladder, they get extra benefits.
• Yatron RaaS - In March 2019, a new Ransomware-as-a-Service (RaaS) was promoted via Twitter. The RaaS is offered for a single payment of $100. Yatron RaaS offers FUD ransomware and FUD decryptor with the ability to spread via P2P, USB, and LAN.

Ransomware-as-a-Service (RaaS) portals are becoming popular due to the low membership fee offered in the market as well as the ease of ransomware use even by non-technical people.